McAfee leads new criteria for next-gen IPS

McAfee, the global leader in network intrusion prevention systems (IPS), has announced its network security framework, which integrates advanced network intrusion prevention with essential next-generation controls. The solution addresses a need for security tools to prevent increasingly sophisticated attacks, with sufficient intelligence and automation to take the guesswork out of attack prevention and resolution.

The network security framework includes significant enhancements to the McAfee Network Security Platform, including application visibility and integrated threat context, aligning it with Gartner's criteria for next-generation network IPS in its report "Defining Next-Generation Network Intrusion Prevention," published on Oct. 7, 2011 [1]. According to the report, "Threats are focusing on installing targeted malicious executables onto user PCs, which use advanced techniques to avoid detection and use botnet delivery mechanisms to perform multistage attacks. Simply stopping attacks that are looking for unpatched servers is no longer sufficient in this environment."

"Gartner uses the term 'next-generation network IPS' to indicate the necessary evolution of network IPS to deal with changes in network communications and applications and changes in the threat landscape," says Greg Young, Gartner Research. "As a minimum, a next-gen IPS will have standard first-generation IPS capabilities plus application awareness, context awareness, content awareness, especially providing full stack inspection."

The McAfee network security framework includes the following aspects:

* Advanced Network IPS: With tens of thousands of sensors deployed worldwide, McAfee Network Security Platform is the industry's leading Network IPS, protecting more enterprises worldwide than any other vendor. Its protocol-based inspection provides leading protection against advanced malware, zero-day attacks, DDoS attacks, and botnets. The latest release includes new DoS and DDoS prevention capabilities and dozens of new botnet heuristics to more accurately and confidently identify misbehaving systems.
* Application awareness and control: The McAfee Network Security Platform is the first and only IPS solution to combine advanced threat prevention and application awareness into a single security decision engine. It includes Layer 7 visibility of over 1,100 applications and enhanced rule definition for simple application control, including the ability to correlate application activity with network attacks to intelligently affect security enforcement decisions.
* Predictive threat intelligence: McAfee's network security framework incorporates McAfee Global Threat Intelligence (GTI), providing organizations with superior protection against emerging threats. It is the only IPS solution that can affect inline security decisions based on the identity and reputation of hundreds of billions of file, IP, URL, protocol, and geo-location data.
* Context-aware security: Separating noise from legitimate threats can take up most of a security administrator's day. McAfee network security framework correlates data from several sources (McAfee GTI, vulnerability scans, application visibility, and network behavior) to confidently identify attacks, eliminate false positives and make dynamic enforcement recommendations. For example, a medium-confidence alert-only event can be dynamically upgraded to a high-confidence block event based on the correlation of built-in attack definitions and IP reputation intelligence.
* Content analysis: Targeted attacks using advanced malware techniques are becoming increasingly common, and cybercriminals are finding ways around traditional blacklist-based security systems. Integration with advanced malware detection, network forensics and data loss prevention tools makes McAfee's network security framework the ultimate tool against theft of an organisation's intellectual property.

"To fully understand and eradicate targeted attacks, you need complete visibility of all network traffic, its source and scope, and whether it occurred days, weeks, or months in the past," said Steve Shillingford, President and CEO of Solera Networks. "McAfee Network Security Platform's integration with Solera's DeepSee applications delivers a seamless workflow to security analysts, taking you from an alert to irrefutable evidence of the attack, breach or threat, dramatically reducing the time it takes to pinpoint compromises."